Ask HN: Are there downsides to making all our source code publicly available?
I run a small SaaS business and our code is currently proprietary and hidden from view, as is the norm (the client-side code is minified). However, I would prefer to make it publicly accessible, for the following reasons:
* As a matter of principle, I like to err on the side of openness.
* We have great code, fully documented and with lots of unit tests, and I'm hoping that others could learn from it.
* It might help with recruitment, if we can talk publicly about our code and about interesting problems we are solving.
Support libraries could be licensed under a permissive license, such as MIT or Apache, while our core user-facing products could either be kept proprietary ("source available"), or be licensed under terms businesses tend to dislike -- the AGPL3 comes to mind. (If doing so could spur discussions about licensing our products under a different license, that would be a nice bonus.)
Are there any downsides to doing what I describe above?
17 comments
[ 5.6 ms ] story [ 42.0 ms ] threadThen again, even that might be ok if you are covering a geographic area, for instance, and already have good penetration there.
In general, I do want to believe we can find business models where hiding the code is not important, and we can let our users contribute back, so I wonder how much of the business model you can share here?
I don't think that releasing the user-facing app creator and runtime libraries under a permissive license would be smart. However, I would still like that code to be out there, and for the utility libraries to be available for anyone to use under a permissive license.
The one downside I can see myself is that by making the source available, we might reveal security vulnerabilities. Sure, security through obscurity is not a good idea in and of itself, but revealing that we haven't updated a key, vulnerable library might still be problematic.
I am on my phone so couldn't really test it out, but it sounds sufficiently niche that it could both benefit or be harmed by releasing the code.
Usually, the hardest bit is getting the infrastructure set up, so if you do have dozens of intertwined components, just pushing the code might not really help anyone.
Still, I think it depends on the business you have and market you are covering, more than the app itself. Eg. if your market is huge, somebody will want to jump in. If it's tiny, nobody else is probably going to bother even if you made it trivial to deploy and run. And there is a huge continuum of options in between :)
One thing I've seen was default to AGPL after, say, 3 years after release. Depending on the development pace, you might make that 1 or 5 years. In general, this means you could AGPL the version from 5 years ago today.
Yeah and it doesn't have to be all-or-nothing. OP doesn't have to release the whole codebase. Maybe release small modules or little libraries that could help others get things done faster?
The least important part of your saas is your product.
What are you gaining from thr release
Also, if this does becomes a problem, we can just stop releasing new versions publicly, at which point the competitor's offering would stagnate, while our offering would continue to improve.
Money is a better tool to improve recruitment, in all probability there are better code bases for random people to learn from, and your principles are only opinions at heart.
To put it another way, if it was obviously a good idea, you would not have a question.
Good luck.
A good balance can be open sourcing an internal library or two, so you get some of the benefit without the work needed to polish the mass of your core code.
With regard to recruitment, I think the openness is mostly a benefit to employees, because they can point directly at their work product like a portfolio. So it helps recruitment, but it's about them not about your cool problems.
Making your source code open should be done only if its use and modification will increase your user base and thus revenue. This can be in the form of "hey free to try for a company but once we build production, we will need to move to paid subscription", or "hey i can use this on my local computer but I want to set it up in the cloud to be accessible publicly, for which I need to use the paid product".